Home / Training / IT Training / CISCO / CCNP Security


CCNP Security

CCNP Security certification program in Bangalore is aligned particularly to the job role of the Cisco Network Security Engineer responsible for Security in Networking devices, appliances, Routers and Switches, as well as choosing, supporting, deploying and troubleshooting Firewalls, IDS/IPS, and VPNs solutions for their networking environments.

The CCNP Security certification is the most efficient way to assure Network Security Engineers have the practical skills required to deploy service, support, and maintain Cisco network security solutions. CCNP Security delivers the practical skills needed to enforce cybersecurity performance, gain high quality security service levels, and meet compliance mandates.


Valid CCNA Security Certification.

Duration of the course:
Part Time : 120 Days (2 hrs/day)
Full Time : 60 Days ( 4 hrs/day)

Key Benefits:

This new certification program is for Cisco Network Security Engineers who are responsible for testing, deploying, configuring, and troubleshooting the core technologies that make up a Cisco secure network. The new CCNP Security curriculum assesses an engineer's competency in using network-critical technologies and products, such as Cisco IOS security features in Cisco routers and switches, firewalls, VPNs, and intrusion prevention and detection systems.

Course Contents:

Implementing Cisco Edge Network Security Solutions (300-206):

  • Implement ACLs.
  • Implement static/dynamic NAT/PAT.
  • Implement object groups.
  • Describe threat detection features.
  • Implement botnet traffic filtering.
  • Configure DHCP snooping.
  • Describe dynamic ARP inspection.
  • Describe storm control.
  • Configure port security.
  • Describe common Layer 2 threats and attacks and mitigation.
  • Describe MACSec.
  • Configure device hardening per best practices.
  • Configure application filtering and protocol inspection.
  • Describe virtualized firewalls.
  • Implement SSHv2, SSL, SNMPv3 access on the network devices.
  • Implement RBAC on the ASA/IOS CLI and on ASDM.
  • Describe Cisco Prime Infrastructure.
  • Describe CSM.
  • Implement device managers.
  • Implement NetFlow exporter.
  • Implement SNMPv3.
  • Implement logging.
  • Implement NTP with authentication.
  • Describe CDP, DNS, SCP, SFTP, and DHCP.
  • Monitor firewall using analysis of packet tracer, packet capture, and syslog.
  • Design a firewall solution.
  • Design Layer 2 security solution.
  • Describe security operations management architecture.
  • Describe Data Center security components and considerations.
  • Describe Collaboration security components and considerations.
  • Describe common IPv6 security considerations.

Implementing Cisco Threat Control Solutions (300-207):

  • Content Security.
  • 1.2 Implement Cisco Cloud Web Security.
  • Implement Cisco WSA .
  • Implement Cisco ESA.
  • Describe features and functionality.
  • Implement email encryption.
  • Implement anti-spam policies.
  • Implement virus outbreak filter.
  • Implement DLP policies.
  • Implement anti-malware.
  • Implement inbound and outbound mail policies and authentication.
  • Describe traffic redirection and capture methods.
  • Implement network IPS.
  • Describe traffic redirection and capture methods.
  • Configure network IPS.
  • Describe signatures.
  • Implement event actions.
  • Configure event action overrides.
  • Implement risk ratings.
  • Describe router-based IPS.
  • Configure device hardening per best practices.
  • Content Security appliances.
  • Implement Network IPS.
  • Describe signatures.
  • Configure blocking.
  • Implement anomaly detection.
  • Devices GUIs and Secured CLI.
  • Implement Content Security.
  • Troubleshooting, Monitoring and Reporting Tools.
  • Configure IME and IP logging for IPS.
  • Monitor Content Security.
  • Monitor Cisco Security IntelliShield.
  • Threat Defence Architectures.
  • Design IPS solution.
  • Content Security Architectures.
  • Design Web security solution.
  • Design Email security solution.
  • Design Application security solution.

Implementing Cisco Secure Access Solutions (300-208):

  • Identity Management/Secure Access.
  • Implement device administration.
  • Compare and select AAA options like TACACS+,RADIUS.
  • Describe Native AD and LDAP.
  • Describe identity management.
  • Describe features and functionality of authentication and authorization.
  • Describe identity store options (i.e., LDAP, AD, PKI, OTP, Smart Card, local).
  • Implement accounting.
  • Implement wired/wireless 802.1x.
  • Describe RADIUS flows.
  • AV pairs.
  • EAP types.
  • Describe supplicant, authenticator, server.
  • Supplicant options.
  • 802.1X phasing (monitor mode, low impact, closed mode).
  • AAA server.
  • Network access devices.
  • Implement MAB.
  • Implement network authorization enforcement.
  • dACL.
  • Dynamic VLAN assignment.
  • Describe SGA.
  • Named ACL.
  • CoA.
  • Implement central web authorization.
  • Implement profiling.
  • Implement guest services.
  • Implement posturing.
  • Implement BYOD access.
  • Describe elements of a BYOD policy.
  • Device registration.
  • My devices portal.
  • Describe supplicant provisioning.
  • Threat Defense.
  • Implement firewall.
  • Describe SGA ACLs.
  • Troubleshooting, Monitoring and Reporting Tools.
  • Troubleshoot identity management solutions.
  • Threat Defense Architectures.
  • Design highly secure wireless solution.
  • Identity Management Architectures.
  • Design AAA security solution.
  • Design profiling security solution.
  • Design posturing security solution.
  • Design BYOD security solution.
  • Design device administration security solution.
  • 5Design guest services security solution.

Implementing Cisco Secure Mobility Solutions (300-209):

  • Implement site-to-site VPNs on routers and firewalls.
  • Describe GETVPN.
  • Implement IPsec (with IKEv1 and IKEv2).
  • Implement DMVPN (Hub-Spoke and spoke-spoke).
  • Implement remote access VPNs on routers and firewalls.
  • Implement AnyConnect IKEv2 VPNs.
  • Implement SSLVPN: client and clientless.
  • Implement site-to-site VPNs on routers and firewall.
  • Implement FlexVPN.
  • Implement remote access VPNs on routers and firewalls.
  • Implement SSLVPN: client and clientless.
  • Implement FLEX VPN.
  • Analyze syslog and VPN debug logs using ASDM.
  • Design site-to-site VPN solution.
  • Design remote access VPN solution.
  • Describe encryption, hashing, NGE.